Hotfix

An urgent, targeted code change deployed directly to production to fix a critical issue, bypassing the normal release cycle but still requiring expedited testing.

Hotfixes address production emergencies: security vulnerabilities, data-corrupting bugs, or major functional failures affecting users. Because of their urgency, hotfixes follow a streamlined but not skipped QA process. Typically, the fix is developed on a hotfix branch from the production tag, tested with targeted sanity tests, and deployed quickly.

The key risk of hotfixes is that urgency tempts teams to skip testing entirely. A botched hotfix can make the original problem worse. Teams should have a documented hotfix process that defines minimum required testing even under time pressure.

Why It Matters for QA Teams

QA teams must be ready to rapidly validate hotfixes without being pressured into skipping verification entirely. A defined expedited testing process ensures that urgent fixes do not create new urgent problems.

Example

A critical security vulnerability is discovered: user session tokens are being logged in plaintext to an application log accessible via a public endpoint. A hotfix is developed in 30 minutes. QA performs targeted sanity testing: verify the log no longer contains tokens, verify that login and session management still work correctly, and confirm the public endpoint is secured. The hotfix is deployed within two hours of discovery.
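The first sanity check in this scenario (verify the log no longer contains tokens) can be scripted so that it is repeatable under time pressure. The sketch below is an added example, not code from the original page; the field names, log format, sample lines and the canary token are constructed assumptions to adapt to the application's real log.

```python
import re

# Assumed field names; adjust to what the application actually logs.
KEYED = re.compile(
    r'(?i)\b(session[_-]?(?:id|token)|sid|access[_-]?token|authorization)\b"?'
    r'\s*[=:]\s*"?(?:Bearer\s+)?([A-Za-z0-9._~+/=-]{16,})')
JWT = re.compile(r'\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}')

def find_token_leaks(lines, canary_tokens=()):
    """Return (line_no, reason) for every log line that exposes a session token.

    canary_tokens: exact token values issued to a QA test account during the
    sanity run; an exact match catches leaks under field names the patterns miss.
    """
    findings = []
    for no, line in enumerate(lines, 1):
        if any(tok in line for tok in canary_tokens):
            findings.append((no, "canary token present"))
        elif JWT.search(line):
            findings.append((no, "JWT-shaped value"))
        elif (m := KEYED.search(line)):
            findings.append((no, f"value logged for '{m.group(1)}'"))
    return findings

# Constructed sample log lines (not real data).
CANARY = ("9b1d0c7e-canary-5521",)
BEFORE_HOTFIX = [
    '2024-01-01T10:00:00Z INFO login ok user=qa session_token=3f9c1e7a5b2d4c6e8f0a1b3c5d7e9f01',
    '2024-01-01T10:00:01Z DEBUG GET /account headers={"Authorization": "Bearer '
    'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJxYS1jYW5hcnkifQ.c2lnbmF0dXJlLXBsYWNlaG9sZGVy"}',
    '2024-01-01T10:00:02Z INFO audit ctx=9b1d0c7e-canary-5521',  # unexpected field name
]
AFTER_HOTFIX = [
    '2024-01-01T12:00:00Z INFO login ok user=qa session_token=[REDACTED]',
    '2024-01-01T12:00:01Z DEBUG GET /account headers={"Authorization": "[REDACTED]"}',
    '2024-01-01T12:00:02Z INFO request id=7f3a2b1c9d8e4f60a1b2c3d4e5f60718 status=200',
]

if __name__ == "__main__":
    for name, log in (("before", BEFORE_HOTFIX), ("after", AFTER_HOTFIX)):
        leaks = find_token_leaks(log, CANARY)
        print(name, "FAIL" if leaks else "PASS", leaks)
```

The check only covers log lines written after the fix; tokens already written to the log before the hotfix are still in it.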